Re: Row data is reflected in DETAIL message when constraints fail oninsert/update

On 6/19/19 8:56 PM, William Denton wrote:
> When inserting up updating a row with not null constraints that are not 
> satisfied, postgres reflects the values in the row in the error DETAIL.
> 
> postgres=# create database test;
> CREATE DATABASE
> postgres=# \c test;
> psql (11.1 (Debian 11.1-3.pgdg90+1), server 11.2)
> You are now connected to database "test" as user "postgres".
> test=# create table person (firstname text not null, lastname text not 
> null, email text not null);
> CREATE TABLE
> test=# insert into person values ('william', 'denton', null);
> ERROR:  null value in column "email" violates not-null constraint
> DETAIL:  Failing row contains (william, denton, null).
> test=# insert into person values ('william', 'denton', 
> 'email@example.com <mailto:email@example.com>');
> INSERT 0 1
> test=# update person set email = null;
> ERROR:  null value in column "email" violates not-null constraint
> DETAIL:  Failing row contains (william, denton, null).
> test=#
> 
> Is there a setting where i can disable the DETAIL field being populated 
> with row data?

See:

https://www.postgresql.org/docs/11/runtime-config-logging.html#RUNTIME-CONFIG-LOGGING-WHAT

log_error_verbosity

> 
> Currently sensitive data (PII in the case illustrated above) is being 
> leaked by the database engine and relayed up into my application where 
> is finds its way into application logs.
> 
> I have also opened a github issue with Npgsql to see if its possible to 
> suppress this DETAIL field in exceptions, but it seems this is an issue 
> that all DB drivers/clients will face. 
> https://github.com/npgsql/npgsql/issues/2501
> 
> Being able to reflect out the data on a row without doing a select may 
> be a security issue as well.
> 
> Thank you!


-- 
Adrian Klaver
adrian.klaver@aklaver.com